Buffer Overflow Vulnerability in c-ares by c-ares
CVE-2020-22217

5.9 MEDIUM

Key Information:

Vendor: C-ares

Status
Vendor
CVE Published: 22 August 2023

What is CVE-2020-22217?

A buffer overflow vulnerability exists in the ares_parse_soa_reply function of the c-ares library, allowing for potential memory corruption. This can compromise application integrity and may be exploitable if certain parameters are manipulated. Users of the affected versions should apply the necessary updates.

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
